using-superpowers
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill uses extremely forceful, non-negotiable language designed to override the agent's standard operating procedures and reasoning capabilities.
- Evidence: The skill uses phrases like "ABSOLUTELY MUST," "This is not negotiable," "This is not optional," and "You cannot rationalize your way out of this."
- Evidence: The "Red Flags" section specifically instructs the agent to ignore its own internal logic and common sense (e.g., "I need more context first") in favor of immediate tool invocation.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill creates a high-risk surface for indirect prompt injection by forcing the agent to invoke tools based on a "1% chance" of relevance.
- Ingestion points: The agent is instructed to trigger the
Skilltool based on the content of user messages (SKILL.md). - Boundary markers: None present. The skill explicitly removes boundaries by demanding invocation "BEFORE any response or action."
- Capability inventory: The skill mandates the use of the
Skilltool, which loads and executes external skill definitions (SKILL.md). - Sanitization: None present; the skill encourages following external skills "exactly" for "Rigid" types.
Audit Metadata